Package: refpolicy Version: 2:0.0.20080702-14 Severity: normal Tags: patch Hi,
the policy expects the etc files in the /etc/ directory. In fact, these files are in the /etc/dovecot sub-directory. As a result, dovecot_t and dovecot_auth_t require the search_dir_perms permission. See the attached patch. Thanks Frank
diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.fc refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc
--- refpolicy-0.0.20080702/policy/modules/services/dovecot.fc 2009-03-01 16:59:39.000000000 +0100
+++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.fc 2009-03-01 17:31:47.000000000 +0100
@@ -7,6 +7,12 @@
 /etc/pki/dovecot(/.*)? gen_context(system_u:object_r:dovecot_cert_t,s0)
+# Debian uses /etc/dovecot/
+ifdef(`distro_debian', `
+/etc/dovecot(/.*)? gen_context(system_u:object_r:dovecot_etc_t,s0)
+/etc/dovecot/passwd.* gen_context(system_u:object_r:dovecot_passwd_t,s0)
+')
+
 #
 # /usr
 #
diff -urN refpolicy-0.0.20080702/policy/modules/services/dovecot.te refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te
--- refpolicy-0.0.20080702/policy/modules/services/dovecot.te 2008-07-02 16:07:57.000000000 +0200
+++ refpolicy-0.0.20080702.new/policy/modules/services/dovecot.te 2009-03-01 17:31:47.000000000 +0100
@@ -1,5 +1,5 @@
-policy_module(dovecot, 1.9.0)
+policy_module(dovecot, 1.9.1)
 ########################################
 #
@@ -54,6 +54,10 @@
 read_lnk_files_pattern(dovecot_t,dovecot_cert_t,dovecot_cert_t)
 allow dovecot_t dovecot_etc_t:file read_file_perms;
+# Debian uses /etc/dovecot/
+ifdef(`distro_debian', `
+allow dovecot_t dovecot_etc_t:dir search_dir_perms;
+')
 files_search_etc(dovecot_t)
 can_exec(dovecot_t, dovecot_exec_t)
@@ -164,6 +168,10 @@
 auth_domtrans_chk_passwd(dovecot_auth_t)
 auth_use_nsswitch(dovecot_auth_t)
+# Debian uses /etc/dovecot/
+ifdef(`distro_debian', `
+ allow dovecot_auth_t dovecot_etc_t:dir search_dir_perms;
+')
 files_read_etc_files(dovecot_auth_t)
 files_read_etc_runtime_files(dovecot_auth_t)
 files_search_pids(dovecot_auth_t)
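Review bot: Any file holding secrets that lives under /etc/dovecot would become readable by dovecot_t, because the catch-all `/etc/dovecot(/.*)?` entry in the dovecot.fc hunk labels everything there dovecot_etc_t except `passwd.*`, and the dovecot.te context line `allow dovecot_t dovecot_etc_t:file read_file_perms;` grants read on that type. Whether Debian ships a key file or a backend configuration with a bind password in that directory is not visible here; if it does, that file needs its own more specific entry, the way `/etc/pki/dovecot(/.*)?` gets dovecot_cert_t. The new contexts also only apply once the directory is relabelled, so I would add a comment above the block such as `# catch-all: add a more specific entry for anything sensitive; relabel with restorecon -R /etc/dovecot after install`.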
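Review bot: The directory access in the @@ -54 and @@ -164 hunks of dovecot.te is granted with raw `allow ... dovecot_etc_t:dir search_dir_perms;` rules, although the surrounding policy already uses pattern macros (see the `read_lnk_files_pattern` context line). For dovecot_t the new rule and the existing file-read rule could be written together as `read_files_pattern(dovecot_t, dovecot_etc_t, dovecot_etc_t)`, which keeps the grant at search plus read and stops the two rules drifting apart. For dovecot_auth_t the hunk grants directory search only; the rule that lets it read the dovecot_passwd_t files below that directory is outside the hunk, so confirm it exists, otherwise the lookup will still be denied. The `allow` line inside the ifdef is indented in the @@ -164 hunk but not in the @@ -54 hunk; one form should be used for both.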